The next upcoming release of Ubuntu will close a security issue that’s been lingering around the popular desktop distro for more than a decade.
The original bug report filed in lieu of this issue back in 2006 has finally been marked as fixed by Alex Murray, Ubuntu Security Tech Lead, at Canonical.
Unlike many other distros, Ubuntu by default creates user home directories with world writable permissions. Murray once again flagged the issue late last year, arguing among other things that Ubuntu now has a significant customer and user-base in the public cloud and server space for whom the world-readable home directories are “more like a footgun than a feature.”
It was originally argued in 2006 that world-writable directories made Ubuntu more convenient for multi-user environments, as it made sharing files between multiple users on a shared desktop much easier.
However as Murray explained, the permissions could spell disaster in today’s connected environment.
Murray proposed changing the default settings to strip away write permissions from anyone except the owner of the directory. “By making this change now, this also gives 3 development releases and 2 interim releases to work through any unforeseen issues etc before landing in an LTS release,” explains Murray.
Since his plan didn’t receive any complaints, he has instead pushed it for implementation in the upcoming 21.04 release. With Ubuntu 21.04, newly-created users won’t be world-readable but can of course be changed by the user/administrator if desired.